General

  • Target

    a99ac28401808fa033018d6986b63b90_NEAS

  • Size

    90KB

  • Sample

    240507-q2k4vsaa2w

  • MD5

    a99ac28401808fa033018d6986b63b90

  • SHA1

    9197a027c083dc643911d88c08ed0060675cc1b8

  • SHA256

    ba59878f82c80a6d90f304303a59389159f5c95e98920ef2f9d43b8585b3a7e7

  • SHA512

    46887ce43b29871ef59d97b999816631096b75bbd550c75b3aca091924a3ea4710600708420edc296a0862f7f74c08e5b682a10f72ca87efd91c4f606f0813d4

  • SSDEEP

    1536:UiYwjQt6QJvzZsgDIWzm/xsXfv+hYhyQQyV5uv4JBrB7w5VRGulTG1ZCL8nj1oDK:0wjZQJvzZsgsW6/Afv+hYfQIm4/rdE3Y

Targets

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • ModiLoader Second Stage

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
